Siemens SIMATIC NET CP 443-1 Advanced Manual page 64

S7-400 - industrial ethernet

Hide thumbs Also See for SIMATIC NET CP 443-1 Advanced:

Manual (58 pages)

Equipment manual (107 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

page of 126

/ 126
Contents
Table of Contents
Bookmarks

Table of Contents

Configuration and operation

6.1 Security recommendations

Security functions of the product

Use the options for security settings in the configuration of the product. These includes

among others:

● Protection levels

Configure access to the CPU under "Protection".

● Security function of the communication

– Enable the security functions of the CP and set up the firewall.

– Use the secure protocol variants HTTPS, FTPS, NTP (secure) and SNMPv3.

– Leave access to the Web server of the CPU (CPU configuration) and to the Web

● Logging function

Enable the function in the security configuration and check the logged events regularly for

unauthorized access.

● Protection of the passwords of program blocks

Protect the passwords that are stored for the blocks in data blocks from being viewed.

The procedure is described below.

Know-how protection of blocks (STEP 7 V5)

You can prevent the contents of data blocks (e.g. passwords) from being read out by

protecting the block with the "KNOW_HOW_PROTECT" option. Follow the steps outlined

below in STEP 7:

1. Select the DB in the block folder.

2. Open the block in the editor.

3. Close the block in the editor.

4. Generate a source from the block in the editor.

5. Select the source of the DB in the sources folder.

6. Open the source.

7. Insert an empty line in the header of the source and write "KNOW_HOW_PROTECT" in

this line.

8. Compile the source.

Result: The block is protected. You can recognize this by the padlock symbol of the DB in

the block folder.

If you connect to public networks, you should use the firewall. Think about the services

you want to allow access to the station via public networks. By using the

"Transmission speed" of the firewall, you can restrict the possibility of flooding and

DoS attacks.

The FETCH/WRITE functionality allows you to access any data of your PLC. The

FETCH/WRITE functionality should not be used in conjunction with public networks.

server of the CP disabled.

CP 443-1 Advanced (GX30)

Manual, 03/2019, C79000-G8976-C256-05

Table of Contents

Show Quick Links

Quick Links:
Properties of the Cp
Communication Services
Characteristics of Open Tcp/Ip Communication
Leds

Hide quick links:

Table of Contents

Siemens SIMATIC NET CP 443-1 Advanced Manual page 64

Hide quick links:

Related Manuals for Siemens SIMATIC NET CP 443-1 Advanced

Related Products for Siemens SIMATIC NET CP 443-1 Advanced

Table of Contents